Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:012: XFree86 Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the XFree86 package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:012 (XFree86).
Two buffer overflow vulnerabilities were found by iDEFENSE in XFree86's parsing
of the font.alias file. The X server, which runs as root, fails to check the
length of user-provided input;
as a result, a malicious user could craft a
malformed font.alias file causing a buffer overflow upon parsing, which could
eventually lead to the execution of arbitrary code.
Additional vulnerabilities were found by David Dawes, also in the reading of
The updated packages have a patch from David Dawes to correct these
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:012
Threat Level: High